Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Java sensitive data: char[] vs String? What is the point?

Tags:

java

We already know about this suggestion/practice to use char[] instead of String for sensitive data. There is multiple reasons for it. One is to clean up the sensitive data right after they are not needed anymore:

char[] passwd = passwordProvider.getKeyStorePassword();
KeyStore keystore = KeyStore.getInstance("JKS");

// TODO: Create the input stream;
keystore.load(inputstream, passwd);

System.arraycopy(new char[passwd.length], 0, passwd, 0, passwd.length);

// Please continue...

Now the question: does it (i.e. using char[]) make sense (specifically the point mentioned above), when the sensitive data comes to you originally as String value? for example:

char[] passwd = passwordProvider.getKeyStorePassword().toCharArray();
KeyStore keystore = KeyStore.getInstance("JKS");

// TODO: using the passwd, load the keystore;

System.arraycopy(new char[passwd.length], 0, passwd, 0, passwd.length);

// Please continue...

Thanks in advance.

UPDATE2: I'll rephrase the question: in this specific context (forget about changes in future or anything else), does the line "clearing the content of char array" do any good?

UPDATE1: it's not a duplication of Why is char[] preferred over String for passwords? I know what the story is. I'm asking in this specific context, does it still make sense?

like image 441
Rad Avatar asked Feb 03 '17 09:02

Rad


People also ask

Why char [] is better than String for passwords?

Since Strings are immutable there is no way the contents of Strings can be changed because any change will produce a new String, while if you use a char[] you can still set all the elements as blank or zero. So storing a password in a character array clearly mitigates the security risk of stealing a password. 2.

Do you know why we use char [] array over String for storing passwords sensitive information in Java?

Security: Any one who has access to memory dump can find the password in clear text and that's another reason to use encrypted password than plain text. So Storing password in character array clearly mitigates security risk of stealing password.

Which one is better to use char array or String?

A char array is harder to manage than a string and certain functions may only accept a string as input, requiring you to convert the array to a string. It's better to use strings, they were made so that you don't have to use arrays.

Which is better String or character array in Java?

That's all on why character array is a better choice than String for storing passwords in Java. Though using char[] is not just enough you need to erase content to be more secure.


1 Answers

It seems to me that it's a security problem in the design of the API of the password provider that it returns a String.

But, if you have to work with that API, converting to char[] immediately means that you aren't preventing the String instance from being GC'd, because you're not holding a reference to it for any longer than is absolutely necessary.

So, it makes sense to use char[] here because you "aren't making it worse".

like image 99
Andy Turner Avatar answered Oct 23 '22 03:10

Andy Turner